Impact
Insufficient policy enforcement in the Chrome DevTools component allowed a remote attacker who had already compromised a renderer process to craft a malicious HTML page that could potentially lead to bypassing the renderer sandbox and gaining wider system access. Chromium’s own security team rates the vulnerability as medium severity: it does not directly expose remote code execution without prior compromise, but it significantly raises the potential for privilege escalation within the browser’s sandboxed environment.
Affected Systems
Affected systems include all versions of Google Chrome prior to 150.0.7871.47 for desktop operating systems. The issue is specific to the DevTools feature and does not affect other Chrome components directly.
Risk and Exploitability
No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Because exploitation requires an already compromised renderer process, the likelihood of a successful attack is limited to contexts where such a foothold can be achieved, such as through malicious extensions or zero‑day content. Despite the absence of an EPSS value, the medium Chromium severity suggests a non‑negligible risk, especially in environments that allow unrestricted DevTools usage or where renderer sandboxing is weakened. The lack of KEV inclusion indicates that no publicly known exploits have yet been documented for this flaw.